7488 matches found

Positive Technologies
added 2024/01/08 12:0 a.m. · 9 views

PT-2024-1066 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...

CVSS 7.8 · AI score 8 · EPSS 0.00239
Exploits: 0 · References: 8
OSV
added 2024/01/07 9:27 p.m. · 5 views

SUSE-SU-2024:0045-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

CVSS 4.8 · AI score 5.5 · EPSS 0.00666
Exploits: 1 · References: 12
Fedora
added 2024/01/04 1:38 a.m. · 16 views

[SECURITY] Fedora 38 Update: python3.11-3.11.7-2.fc38

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 5.3 · AI score 5.4 · EPSS 0.02507
Exploits: 1
Fedora
added 2023/12/28 12:55 a.m. · 64 views

[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

CVSS 5.3 · AI score 6.3 · EPSS 0.02507
Exploits: 1
Veracode
added 2023/12/27 7:39 a.m. · 25 views

Weak Hashing Algorithm

bsock is vulnerable to a Weak Hashing Algorithm. The vulnerability is due to the library's usage of the weak hashing algorithms MD5 and SHA1 within vendor\faye-websocket.js. This could allow an attacker to break the confidentiality of the websocket communication...

CVSS 9.1 · AI score 6.7 · EPSS 0.0054
Exploits: 1 · References: 3 · Affected Software: 1
OpenVAS
added 2023/12/26 12:0 a.m. · 20 views

Fedora: Security Advisory (FEDORA-2023-c61a7d5227)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6.3 · EPSS 0.02507
Exploits: 1 · References: 4
ATTACKERKB
added 2023/12/25 7:15 a.m. · 2 views

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

CVSS 8.8 · AI score 6 · EPSS 0.00774
Exploits: 1 · References: 2
IBM Security Bulletins
added 2023/12/21 5:24 p.m. · 66 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)

Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerabili...

CVSS 9.3 · AI score 8.8 · EPSS 0.02761
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2023/12/20 8:4 p.m. · 39 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

CVSS 9.8 · AI score 9.6 · EPSS 0.99615
Exploits: 11 · Affected Software: 1
IBM Security Bulletins
added 2023/12/20 8:3 p.m. · 36 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

CVSS 7.5 · AI score 7.4 · EPSS 0.02459
Exploits: 3 · Affected Software: 1
OSV
added 2023/12/20 5:2 p.m. · 5 views

DRUPAL-CONTRIB-2023-055

This module allows you to turn various data sources (e.g. a CSV or JSON file) into interactive visualisation. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries having from low to medium vulnerabilities. One of the...

AI score 6.5
Exploits: 0 · References: 1
Tenable Nessus
added 2023/12/20 12:0 a.m. · 31 views

openSUSE 15 Security Update : putty (openSUSE-SU-2023:0411-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0411-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

CVSS 5.9 · AI score 7.1 · EPSS 0.93305
Exploits: 4 · References: 4
Fedora
added 2023/12/15 2:19 a.m. · 14 views

[SECURITY] Fedora 38 Update: dotnet6.0-6.0.125-1.fc38

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

AI score 7.1
Exploits: 0
IBM Security Bulletins
added 2023/12/14 9:6 p.m. · 32 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385, CVE-2015-8387, CVE-2015-8391, CVE-2015-8390, CVE-2015-839...

CVSS 9.8 · AI score 8.4 · EPSS 0.51733
Exploits: 8 · Affected Software: 1
OSV
added 2023/12/14 12:15 a.m. · 5 views

CVE-2023-21751

Azure DevOps Server Spoofing Vulnerability...

CVSS 6.5 · AI score 5.8 · EPSS 0.00977
Exploits: 0 · References: 1
Prion
added 2023/12/13 9:15 a.m. · 19 views

Design/Logic Flaw

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

CVSS 4.3 · AI score 7.5 · EPSS 0.00536
Exploits: 0 · References: 1 · Affected Software: 1
Openbugbounty
added 2023/12/13 9:10 a.m. · 5 views

catalog.citruslibraries.org Cross Site Scripting vulnerability OBB-3811424

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
CVE
added 2023/12/13 8:26 a.m. · 52 views

CVE-2023-31210

CVE-2023-31210 affects Checkmk 2.2.0p10 to 2.2.0p16, where a user-controlled LD_LIBRARY_PATH in the agent can be exploited by a malicious Checkmk site user to escalate privileges via injection of malicious libraries. The documents confirm the affected product (Checkmk), the vulnerable component (...

CVSS 8.8 · AI score 8.2 · EPSS 0.00536
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/12/13 8:26 a.m. · 18 views

CVE-2023-31210 Privilege escalation in agent via LD_LIBRARY_PATH

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

CVSS 8.8 · AI score 9.1 · EPSS 0.00536
Exploits: 0 · References: 1
OSV
added 2023/12/12 5:15 p.m. · 32 views

CVE-2023-28465

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

CVSS 7.5 · AI score 6.8 · EPSS 0.01166
Exploits: 1 · References: 3